How to create a Splunk dashboard.

{ 01/11/2023}

Creating a Splunk dashboard is not difficult, but it does require some knowledge of the Splunk platform. To create a basic Splunk dashboard:

1. Log in to your Splunk account and select the 'Dashboards' option in the navigation menu.

2. Click the 'Create New' button to start creating a new dashboard.

3. Choose a dashboard name and select a layout.

4. Add panels and input elements to the dashboard. You can add charts, tables, timelines, and other visualizations to the dashboard.

5. Configure the display of each panel by setting the panel's title, data source, visualization type, and other options.

6. Adjust the display settings for each panel, such as the size, color, and range.

7. Save the dashboard and make it available for others to view.

With a few simple steps, you can create a powerful Splunk dashboard to help you better understand your data and make better decisions.

Splunk for healthcare? 

{01/10/2023}  Splunk will help improve compliance and patient's privacy while using the power of a machine. Splunk helps with performance monitoring, security, compliance, fraud, and patient outcomes. 

  • Performance monitoring- helps analyze data from IT servers, applications, infrastructures that assists the healthcare information exchange platform. You're able to get real time visibility results knowing when a specific process is running slowly and smoothly.  This ensures better information access and experience for all, the patients, payors and providers.
  • Security-the ability to gather data from all data sources to identify breaches and leaks concerning PHI. The proactive measures in real time to ensure privacy of patient information by monitoring unauthorized attempts.  These protective measures help demonstrate compliance with HIPAA and reducing the risk of exposure to lawsuits, fines or patient's will.
  • Compliance- addressing privacy monitoring requirements by taking advantage of an existing effective cybersecurity responses. Used to improve the security posture of organizations and create efficient workflows.
  • Fraud-Detecting and preventing fraud and errors by scanning through data in real time. Monitoring fraud patterns in claims by correlating with internal or external fraud knowledge bases.
  • Improved Patient Outcomes- Using correlated data sets to address bottlenecks in patient charts and enable resource forecasting. Detecting potential anomalies so clinicians can make the proper decisions based on current data. 

What is vulnerability management?

{12/20/2022} Vulnerability management is generally defined as categorizing, identifying, discovering, prioritizing, and resolving vulnerabilities in an operating system, cloud services, and end-user applications. 

As a vulnerability manager, the goal is to address threats, look at it this way, threats are like bad actors that take advantage of discovered vulnerabilities in an attempt to infect a server or workstation. Managing threats is an ongoing process, and as a vulnerability manager, you want to continually seek ways to identify and remediate vulnerabilities by patching and configuring security settings. 

Vulnerability Examples: Hardware (poor encryption, soiling, dust), Software (SQL injection, FTP bounce attack, timing attacks), Network (man-in-the-middle attacks, lack of authentication), Personnel (lack of security awareness and training, poor password management, downloading malware), Physical Site (unreliable power source, no keycard access), and Organizational ( lack of audit, security or incident response plan).

How are vulnerabilities defined?

 CCE- Common configuration enumeration- a list of system security configuration issues that can be used to develop configuration guidance

CVE- Common vulnerabilities and exposures- a specific vulnerability by which an attack may occur. 

CPE-Common platform enumeration-standardized methods of describing and identifying classes of applications and devices within your environment.

CVSS-Common vulnerability scoring system- works to assign severity scores to each defined vulnerability and is used to prioritize remediation efforts.

So what's the vulnerability management process?

1st things first discover- you can't secure what you're unaware of, lol. So yes we need to perform a network scan and a system scan.

2nd prioritize- discover the assets that need to be categorized into a group and assign a risk-based prioritization critically to an organization.

3rd assess- We need to establish a risk baseline for the point of reference as vulnerabilities are remediated and risks can be eliminated.

4th remediate-based upon the risk prioritization, vulnerabilities should be fixed. Once remediation is completed, we can document it.

5th verify-  validating the remediation is now accomplished through multiple scans and IT reports.

6th report- Executives, the IT department, and C-suite all have to understand the current state of risk around vulnerabilities. It needs the reporting on vulnerabilities, and how they were identified and remediated, the execs need a summary of the current state of the vulnerability (color codes), and C-suite needs to know the simple risk scores across the business.

So let's continue to monitor and help protect the environment a lot better, Compliance auditing and reporting, data classification, threat detection and response, SIEM and log data correlation, intrusion detection, asset discovery, and privilege access management.

What is Palo Alto and pf Sense? 12/10/2022

Palo Alto and PFSense are two popular technologies used for traffic analysis. They can be used to monitor and analyze network traffic, detect malicious activity, and prevent cyber attacks.

Palo Alto is an application security platform that provides deep packet inspection and threat protection. It uses a combination of signature-based detection, behavioral analysis, and machine learning to identify malicious activity. It can be used to detect malware, phishing attempts, and other malicious activity. It also offers advanced features such as URL filtering, data loss prevention, and data exfiltration prevention.

PFSense is an open source firewall and router solution that provides highly secure and reliable network security. PFSense is an easy-to-use, feature-rich firewall solution that can be used to protect networks from threats such as malware, phishing, and other malicious activities. It can also be used to provide VPN services, ensure traffic compliance, and perform traffic analysis.

Using Palo Alto and PFSense together is an effective way to secure a network and monitor traffic. Both technologies allow for detailed analysis of traffic, including IP addresses, port numbers, and protocols. This allows administrators to identify malicious activity, block suspicious traffic, and prevent attacks.

Using Palo Alto and PFSense together is also an effective way to monitor the performance of a network. Both technologies can be used to measure packet latency, packet loss, and other network performance metrics. This helps administrators identify potential network performance issues and take corrective action.

Overall, using Palo Alto and PFSense together is an effective way to secure and monitor a network. They provide comprehensive security and performance monitoring, and can be used to detect and prevent malicious activity. By combining these two technologies, administrators can ensure their networks are secure and performing optimally.

Intro to Defensive Security-12/05/2022

I completed a learning path on TryHackMe, my very first hacking assignment and I learned so much. 

Offensive security focuses on one thing: breaking into systems. 
Red teams and penetration testers specialize in offensive security. 

Defensive security focused on preventing intrusions from occurring and detecting intrusions when they occur and responding properly. (Blue teams) 

*In my first exercise, I had to figure out what color team focuses on defensive security. Some of the tasks related to defensive security are user cyber security awareness, documenting and managing assets, updating and patching systems, setting up preventative security devices, setting up logs, and monitoring devices.

In my second exercise I had to identify the name of cyber security professionals that monitors a network and its systems for malicious events which is a security operation center. What does DRIR stand for? Digital Forensics and Incident Response. identify which kind of malware requires the user to pay money to regain access to their files. (Ransomware)

In the third exercise, I had to act as though I was a part of a SOC and was responsible for protecting a bank. My goal was to figure out the flag that was obtained.

       CyberSecurity: Inside a Security Operations Center- 12/05/22

      This course was super informative, I learned key elements that bring value to any SOC. I was able to understand the tools needed by SOCs for business needs.

      Discovered Incident response with a live demo of real-life investigations.

      Learned standard KPIs/KRIs of a SOC and how to design a KPIs system.

      Discovered the basics about the structure of a SOC, the roles, governance, vendors, and training for the roles.